4441 matches found

GitHub Security Blog
added 2022/07/09 12:0 a.m., 22 views

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3, AI score 5.2, EPSS 0.00736
Exploits 1, References 5, Affected Software 1

OSV
added 2022/07/09 12:0 a.m., 17 views

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3, AI score 4.6, EPSS 0.00736
Exploits 1, References 4

ATTACKERKB
added 2022/07/08 12:15 p.m., 2 views

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)...

CVSS 4.3, AI score 5.8, EPSS 0.00736
Exploits 1, References 4

OSV
added 2022/07/08 12:15 p.m., 1 view

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)...

CVSS 4.3, AI score 5.8, EPSS 0.00736
Exploits 1, References 3

Prion
added 2022/07/08 12:15 p.m., 13 views

Design/Logic Flaw

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)...

CVSS 4, AI score 4.7, EPSS 0.00736
Exploits 1, References 3, Affected Software 1

Cvelist
added 2022/07/08 11:10 a.m., 22 views

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)...

AI score 5, EPSS 0.00736
Exploits 1, References 3

CVE
added 2022/07/08 11:10 a.m., 76 views

CVE-2022-30852

Known v1.3.1 contains an Insecure Direct Object Reference (IDOR) in the Known CMS. The vulnerability arises from getContent()/postContent() in the Homepage class (Homepage.php), where createGatekeeper() enables unauthorized access to admin settings, effectively exposing admin-panel configuration ...

CVSS 4.3, AI score 4.7, EPSS 0.00736
Exploits 1, References 3, Affected Software 1

Kitploit
added 2022/07/07 12:30 a.m., 52 views

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

AI score 6.9
Exploits 0, References 4

Cvelist
added 2022/07/06 1:11 p.m., 15 views

CVE-2022-23173 Priority - Priority web Insecure direct object references (IDOR)

This vulnerability affects users who are not even allowed access via the web interface. First of all, the attacker needs to access the "Login menu - demo site"; then he can see in this menu all the functionality of the application. If the attacker tries to click on one of the links, he will get a...

CVSS 5.5, AI score 6.5, EPSS 0.0046
Exploits 0, References 1

OSV
added 2022/06/28 9:15 p.m., 5 views

CVE-2022-31883

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins' API Keys...

CVSS 8.8, AI score 5.8, EPSS 0.00753
Exploits 0, References 3

ATTACKERKB
added 2022/06/28 9:15 p.m., 3 views

CVE-2022-31883

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins' API Keys...

CVSS 8.8, AI score 5.4, EPSS 0.00753
Exploits 0, References 4

NVD
added 2022/06/28 9:15 p.m., 12 views

CVE-2022-31883

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins' API Keys...

CVSS 8.8, EPSS 0.00753
Exploits 0, References 3

Prion
added 2022/06/28 9:15 p.m., 11 views

Design/Logic Flaw

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins' API Keys...

CVSS 4, AI score 8.6, EPSS 0.00753
Exploits 0, References 3, Affected Software 1

CVE
added 2022/06/28 8:58 p.m., 578 views

CVE-2022-31883

Marval MSM v14.19.0.12476 is affected by an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user can view other users’ API keys, including Admins’ API keys. Root cause: IDOR flaw in the application’s handling of user/API key access. Impact stated in the provided sources is ...

CVSS 8.8, AI score 8.6, EPSS 0.00753
Exploits 0, References 3, Affected Software 1

CNNVD
added 2022/06/28 12:0 a.m., 3 views

Marval MSM Security Vulnerability

Marval MSM is an innovative IT Service Management software from Marval UK. A security vulnerability exists in Marval MSM version v14.19.0.12476, which stems from an Insecure Direct Object Reference (IDOR) vulnerability that allows even a low-privileged user to view other users' API keys, including...

CVSS 8.8, AI score 7.9, EPSS 0.00753
Exploits 0, References 4

OSV
added 2022/06/09 4:15 p.m., 3 views

CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

CVSS 4.3, AI score 5.9, EPSS 0.00882
Exploits 1, References 2

Prion
added 2022/06/09 4:15 p.m., 12 views

Design/Logic Flaw

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

CVSS 4, AI score 4.3, EPSS 0.00882
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/06/09 3:14 p.m., 22 views

CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

AI score 4.6, EPSS 0.00882
Exploits 1, References 2

CVE
added 2022/06/09 3:14 p.m., 56 views

CVE-2022-30760

Vulnerability context: CVE-2022-30760 affects the ihb eG FlexNow product (fn2Web) prior to version 2.04.09.016. The issue is an insecure direct object reference (IDOR) that allows remote authenticated users to access sensitive student data by altering the student ID parameter in a POST to the Fro...

CVSS 4.3, AI score 4.2, EPSS 0.00882
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2022/06/02 2:15 p.m., 1 view

CVE-2022-29627

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers...

CVSS 4.3, AI score 5.9, EPSS 0.00529
Exploits 1, References 2